archiecobbs opened a new issue, #370:
URL: https://github.com/apache/mina-sshd/issues/370
### Version
sshd-2.9.2-55-gd4b951a10
### Bug description
`ModifiableFileWatcher` is supposed to detect when a file changes.
However, it's possible for a file to change and for `ModifiableFileWatcher`
to not detect the change.
Consider the following somewhat contrived but not unreasonable scenario:
* User public key files are built into an RPM and stored in files
`/opt/pubkey/adam`, `/opt/pubkey/jeff`, etc.
* The current admin's key (e.g., Adam's) is stored as a symlink like
`/var/pubkey/admin -> /opt/pubkey/adam`
* We authorize SSH login via `new AuthorizedKeysAuthenticator(new File("/var/pubkey/admin").toPath())`
Adam gets fired for being an evil hacker, so we quickly make Jeff the new
admin like this:
```bash
$ ln -sf /opt/pubkey/jeff /opt/pubkey/adam
```
Phew! We think Adam is no longer authorized, but...
* `/var/pubkey/admin` has never not existed at any point in time
* `/opt/pubkey/adam` and `/opt/pubkey/jeff` are the exact same size since
they contain the same type of public key and the usernames (added as a comment
after the public key) are the same length
* `/opt/pubkey/adam` and `/opt/pubkey/jeff` have the same modification
timestamp, since they were installed at the same time as part of the same RPM
Therefore, `ModifiableFileWatcher` will fail to notice that the file has
changed. So evil Adam is still the admin!
Solution: Along with `lastExisted`, `lastModified`, and `lastSize`,
`ModifiableFileWatcher` should also track the value of
`BasicFileAttributes.fileKey()` in a field `lastFileKey`, and detect a file
change if this value changes.
### Actual behavior
No file change detected.
### Expected behavior
File change detected.
### Relevant log output
_No response_
### Other information
_No response_
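
The scenario and the proposed `fileKey()` check, as an added example that is not part of the original issue or of Apache MINA SSHD's code. The class `FileKeyWatchDemo` and its methods are hypothetical, the key strings and timestamp are constructed, and it assumes Java 11+ on a file system that supports symbolic links.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.BasicFileAttributes;
import java.nio.file.attribute.FileTime;
import java.util.Objects;

// Hypothetical demo class; not part of Apache MINA SSHD.
public class FileKeyWatchDemo {
    private long lastSize = -1;
    private long lastModified = -1;
    private Object lastFileKey; // stays null where the platform has no file key

    /** Size + mtime comparison only, as described in the issue. */
    boolean changedBySizeAndTime(BasicFileAttributes a) {
        return a.size() != lastSize || a.lastModifiedTime().toMillis() != lastModified;
    }

    /** Same comparison plus the proposed fileKey() check (null-safe). */
    boolean changedWithFileKey(BasicFileAttributes a) {
        return changedBySizeAndTime(a) || !Objects.equals(a.fileKey(), lastFileKey);
    }

    void remember(BasicFileAttributes a) {
        lastSize = a.size();
        lastModified = a.lastModifiedTime().toMillis();
        lastFileKey = a.fileKey();
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("pubkey");
        FileTime installed = FileTime.fromMillis(1_700_000_000_000L); // constructed timestamp
        // Constructed key lines of identical length, as in the issue's scenario.
        Path adam = Files.writeString(dir.resolve("adam"), "ssh-ed25519 AAAA-constructed-key-1 adam\n");
        Path jeff = Files.writeString(dir.resolve("jeff"), "ssh-ed25519 AAAA-constructed-key-2 jeff\n");
        Files.setLastModifiedTime(adam, installed);
        Files.setLastModifiedTime(jeff, installed);

        Path admin = Files.createSymbolicLink(dir.resolve("admin"), adam);
        FileKeyWatchDemo w = new FileKeyWatchDemo();
        w.remember(Files.readAttributes(admin, BasicFileAttributes.class)); // follows the link

        Files.delete(admin); // re-point admin -> jeff
        Files.createSymbolicLink(admin, jeff);
        BasicFileAttributes now = Files.readAttributes(admin, BasicFileAttributes.class);

        System.out.println("size+mtime check sees change: " + w.changedBySizeAndTime(now));
        System.out.println("with fileKey sees change:     " + w.changedWithFileKey(now));
    }
}
```

`BasicFileAttributes.fileKey()` is documented to return `null` on platforms that do not provide a file key, in which case the second check degrades to the size-and-mtime comparison.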